Malware identified by Palo Alto Networks targets data held on user clipboards from cut, copy and paste actions. ComboJack is a trojan able to replace unsuspecting user’s wallet data with the wallet address of an attacker.

ComboJack embeds itself on user systems with a possible source identified by Palo Alto Networks as phishing or malspam email. ComboJack will then frequently check the system clipboard for copied cryptocurrency wallet information.

If a genuine wallet address is identified, it is then replaced with a hardcoded wallet address presumed to belong to the attacker. Users unwittingly paste the incorrect wallet address when making a cryptocurrency transaction and send funds to the attacker instead of their desired location.

Beware of Phishing Emails

Researchers discovered the malspam targeting Japanese and American users with a campaign that could look something like this:

Opening an attached PDF file results in a message referring to an embedded doc file, which if opened, releases the ComboJack trojan to a user’s system.

The malware has been found to target Bitcoin, Litecoin, Monero and Ethereum cryptocurrency wallet addresses as well as Yandex and WebMoney in USD and rubles.

Microsoft Updates Provide Protection from ComboJack

The vulnerability exploited by ComboJack has been patched by Microsoft, so as long as users are running up to date operating systems they should be protected.

Users can also add protection for themselves from ComboJack and similar malware by not opening or downloading files with an unknown origin, and by ensuring that they are running active virus protection software.

Double Check when Pasting Wallet Information

Cryptocurrency owners should also check when copying and pasting that their entered transaction information matches the information they originally copied to ensure they are not mistakenly using an incorrect wallet address.

Checking transaction destination addresses before finalizing a transaction is a measure that may also prevent accidental transfers to incorrect wallets.

A quick double check of data can help to protect against losing funds to malware like ComboJack and CryptoShuffler, a similar malware program, and identify if a potential problem exists on a user’s system.

Have you lost coins in a malware attack or been hit by ComboJack? Let us know in the comments.